Solved System Error! Your computer is infected by unknown trojan.

harrisc1 · 2008/03/20

[Resolved]System Error! Your computer is infected by unknown trojan.

I have a message which keeps opening in Internet Explorer, which reads: System Error! Your computer is infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system! (Recommended)

I am infected. I use AVG virus scan and Spysweeper software and they did not stop this annoying popup window. I tried to follow your instructions. Thanks for any help.

Here is HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:37 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\CRS\BATTLE~1\ww2_sse2.exe
C:\Program Files\teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pro.edgar-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\WINDOWS\ausctv32a.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe "
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe "
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" -a
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe "
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://singularresearch.webex.com/client/T26L/training/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Choice Mail (svcChoiceMail) - DigiPortal Software, Inc. - C:\Program Files\DigiPortal Software\ChoiceMail\\CMServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 9290 bytes

harrisc1 · 2008/03/20

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-20 08:32:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
103: 2008-03-20 15:33:14 UTC - RP438 - Deckard's System Scanner Restore Point
102: 2008-03-19 20:13:21 UTC - RP437 - System Checkpoint
101: 2008-03-18 19:26:36 UTC - RP436 - System Checkpoint
100: 2008-03-17 18:17:14 UTC - RP435 - System Checkpoint
99: 2008-03-16 17:44:40 UTC - RP434 - System Checkpoint

-- First Restore Point --
1: 2007-12-22 10:18:05 UTC - RP336 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:56 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pro.edgar-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Media Player Classic - {CE0487CA-8B02-431E-BA63-D38844E020B5} - C:\WINDOWS\ausctv32a.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe "
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe "
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" -a
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe "
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://singularresearch.webex.com/client/T26L/training/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Choice Mail (svcChoiceMail) - DigiPortal Software, Inc. - C:\Program Files\DigiPortal Software\ChoiceMail\\CMServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 9475 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 TPP200 (USB Storage Adapter V2 (TPP)) - c:\windows\system32\drivers\tpp200.sys <Not Verified; In-System Design, Inc.; TPP Storage Adapter>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 svcChoiceMail (Choice Mail) - c:\program files\digiportal software\choicemail\\cmserver.exe <Not Verified; DigiPortal Software, Inc.; ChoiceMail Server>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-03-17 01:00:03 1648 --a------ C:\WINDOWS\Tasks\wrSpySweeper_LC5AACB0355D442C1BBBA7530F21DEEFB.job
2008-03-15 12:59:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-20 06:23:17 0 d-------- C:\Program Files\Trend Micro
2008-03-19 19:19:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 19:19:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-19 19:19:08 0 d-------- C:\WINDOWS\LastGood
2008-03-19 17:07:06 222208 --a------ C:\WINDOWS\ausctv32a.dll
2008-03-19 17:07:04 50 --a------ C:\xmp.bat
2008-02-23 17:03:34 0 d-------- C:\Program Files\iPod
2008-02-23 17:03:23 0 d-------- C:\Program Files\iTunes
2008-02-23 17:00:15 0 d-------- C:\Program Files\QuickTime

-- Find3M Report ---------------------------------------------------------------

2008-03-20 06:45:31 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-20 06:07:13 0 d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-03-20 03:54:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-03-19 19:09:35 0 d-------- C:\Program Files\Plaxo
2008-03-17 17:42:03 0 d-------- C:\Program Files\BEGameMonitor
2008-03-15 06:14:01 0 d-------- C:\Program Files\Java
2008-03-13 17:40:38 0 d-------- C:\Program Files\LimeWire
2008-02-29 15:25:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-28 11:46:25 0 d-------- C:\Program Files\Common Files
2008-01-28 11:46:25 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-28 11:46:22 0 d-------- C:\Program Files\Real
2008-01-28 11:44:30 0 d-------- C:\Program Files\Common Files\Real
2008-01-25 13:35:28 0 d-------- C:\Program Files\Research Insight
2008-01-17 10:09:44 164 --a------ C:\install.dat
2007-12-26 11:33:25 2 --a------ C:\tmppni

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CE0487CA-8B02-431E-BA63-D38844E020B5}]
03/19/2008 05:07 PM 222208 --a------ C:\WINDOWS\ausctv32a.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "RUNDLL32.exe" [02/28/2006 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz "= "nwiz.exe" [10/22/2006 01:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter "= "RUNDLL32.exe" [02/28/2006 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"CTHelper "= "CTHELPER.EXE" [08/17/2006 12:32 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp "= "CTXFIHLP.EXE" [08/17/2006 12:32 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 09:50 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"GoToMyPC "= "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [01/12/2007 06:45 PM]
"SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 01:16 PM]
"PDF4 Registry Controller "= "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [10/05/2006 01:26 PM]
"TPP Auto Loader "= "C:\WINDOWS\TPPALDR.EXE" [10/05/2001 12:54 PM]
"HostManager "= "C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe" [04/20/2006 10:10 AM]
"Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 02:11 PM]
"VX6000 "= "C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
"LifeCam "= "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 AM]
"NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/28/2008 11:43 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SpySweeper "= "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 09:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail "= "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe" [01/30/2008 02:41 PM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 05:00 AM]
"PlaxoUpdate "= "C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48 AM]
"XdriveTrayIcon "= "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe" [09/10/2007 04:29 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 01/12/2007 06:45 PM 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@= "Service "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{734f0343-39fa-11dc-92fe-001617f0d91f}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

-- Hosts -----------------------------------------------------------------------

10.254.254.253 Xdrive

-- End of Deckard's System Scanner: finished at 2008-03-20 08:36:45 ------------

harrisc1 · 2008/03/20

Looks like this may be culprit:

ausctv32a.dll

http://malwarebytes.besttechie.net/2008/03/18/cwindowsausctv32adll/

harrisc1 · 2008/03/20

I think I may have removed it:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-03-20 09:14:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:15 AM, on 3/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Citrix\GoToMyPC\g2mainh.exe
C:\Program Files\Citrix\GoToMyPC\g2host.exe
C:\Program Files\Citrix\GoToMyPC\g2printh.exe
C:\Program Files\Citrix\GoToMyPC\g2audioh.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pro.edgar-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe "
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe "
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" -a
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe "
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O8 - Extra context menu item: Save to &Xdrive - res://C:\Program Files\Xdrive\Xdrive Desktop\xdrive.exe/std.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://singularresearch.webex.com/client/T26L/training/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Choice Mail (svcChoiceMail) - DigiPortal Software, Inc. - C:\Program Files\DigiPortal Software\ChoiceMail\\CMServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Xdrive Service - Xdrive LLC - C:\Program Files\Xdrive\Xdrive Desktop\XdriveService.exe

--
End of file - 9367 bytes

-- Files created between 2008-02-20 and 2008-03-20 -----------------------------

2008-03-20 08:50:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-03-20 08:50:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-20 08:50:06 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-20 06:23:17 0 d-------- C:\Program Files\Trend Micro
2008-03-19 19:19:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-19 19:19:12 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-19 17:07:04 50 --a------ C:\xmp.bat
2008-02-23 17:03:34 0 d-------- C:\Program Files\iPod
2008-02-23 17:03:23 0 d-------- C:\Program Files\iTunes
2008-02-23 17:00:15 0 d-------- C:\Program Files\QuickTime

-- Find3M Report ---------------------------------------------------------------

2008-03-20 09:02:59 0 d-------- C:\Program Files\Plaxo
2008-03-20 06:45:31 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-03-20 06:07:13 0 d-------- C:\Documents and Settings\Owner\Application Data\teamspeak2
2008-03-20 03:54:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-03-17 17:42:03 0 d-------- C:\Program Files\BEGameMonitor
2008-03-15 06:14:01 0 d-------- C:\Program Files\Java
2008-03-13 17:40:38 0 d-------- C:\Program Files\LimeWire
2008-02-29 15:25:07 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-28 11:46:25 0 d-------- C:\Program Files\Common Files
2008-01-28 11:46:25 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-28 11:46:22 0 d-------- C:\Program Files\Real
2008-01-28 11:44:30 0 d-------- C:\Program Files\Common Files\Real
2008-01-25 13:35:28 0 d-------- C:\Program Files\Research Insight
2008-01-17 10:09:44 164 --a------ C:\install.dat
2007-12-26 11:33:25 2 --a------ C:\tmppni

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon "= "RUNDLL32.exe" [02/28/2006 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz "= "nwiz.exe" [10/22/2006 01:22 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter "= "RUNDLL32.exe" [02/28/2006 05:00 AM C:\WINDOWS\system32\rundll32.exe]
"CTHelper "= "CTHELPER.EXE" [08/17/2006 12:32 PM C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp "= "CTXFIHLP.EXE" [08/17/2006 12:32 PM C:\WINDOWS\system32\CTXFIHLP.EXE]
"AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/20/2007 09:50 AM]
"SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"GoToMyPC "= "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [01/12/2007 06:45 PM]
"SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 01:16 PM]
"PDF4 Registry Controller "= "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe" [10/05/2006 01:26 PM]
"TPP Auto Loader "= "C:\WINDOWS\TPPALDR.EXE" [10/05/2001 12:54 PM]
"HostManager "= "C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe" [04/20/2006 10:10 AM]
"Google Desktop Search "= "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/14/2007 02:11 PM]
"VX6000 "= "C:\WINDOWS\vVX6000.exe" [10/13/2006 05:04 PM]
"LifeCam "= "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 05:01 PM]
"NeroCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 02:50 AM]
"NBKeyScan "= "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"TkBellExe "= "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/28/2008 11:43 AM]
"QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]
"Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SpySweeper "= "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 09:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail "= "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe" [01/30/2008 02:41 PM]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 05:00 AM]
"PlaxoUpdate "= "C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" [02/11/2008 11:48 AM]
"XdriveTrayIcon "= "C:\Program Files\Xdrive\Xdrive Desktop\XdriveTray.exe" [09/10/2007 04:29 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 01/12/2007 06:45 PM 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls "=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@= "Service "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{734f0343-39fa-11dc-92fe-001617f0d91f}]
AutoRun\command- EXPLORER.EXE
explore\Command- EXPLORER.EXE
open\Command- EXPLORER.EXE

-- End of Deckard's System Scanner: finished at 2008-03-20 09:14:35 ------------

harrisc1 · 2008/03/20

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 20, 2008 10:55:12 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/03/2008
Kaspersky Anti-Virus database records: 645903
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 147043
Number of viruses found: 26
Number of infected objects: 88
Number of suspicious objects: 0
Duration of the scan process: 01:28:08

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS004FCEBC-11B4-49A7-8442-2E2417323A6E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS055901FF-DCA5-4A01-BC25-6E9A24A5626E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07931B75-37B8-47F3-8CD4-5CC2CA0612F3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0DA9FFA5-AA24-40F0-BF08-2E6F6922DD78.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0E0833FA-0A6D-478C-884C-99EAB016AC1E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1339544E-5FCC-4B1A-AFFE-22399BAEEDFA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS13A52E00-E510-4D09-9771-7E92877D7F71.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1671FAA6-C842-48A5-9587-B73BE94F16DD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1800016E-38FE-4F23-A155-D316DB129342.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1B357965-5AA5-4585-BB99-A745817BE4EC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1CC92735-FF61-4C98-B59E-03C38C075D6D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1EB2B08E-8429-418E-984F-10ECB9DBE3FD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1EC53AA6-ADC9-4B6F-913A-AB788E6D2F10.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2606697B-6EB7-421F-9081-8981070B05D4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS26DA52B5-62EC-4DD0-BD48-25172A74166B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS28315347-D8A7-4E15-8D90-A3E7A45407D3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS32B0DA5C-697B-4515-A2BB-9480EA0CFEB0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3E8140AA-9504-4F87-B70D-5383FF4DCD6D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F160C57-1C4C-4B37-9623-F24DF9C246D5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46E696F3-5566-4C56-A153-FF3272CC0DC8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS485FB09E-2E73-488A-94FB-9DF59BD9C4CE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS49C5CB09-EFD1-402B-82C7-14186112EDB9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4DFD65F0-EDCD-400A-9950-8B14E1CDAF00.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS550D06DD-FD0D-4455-9B49-95EC13B5BC11.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS56F13F25-455C-4568-9B67-957D349EFDF9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5904489E-E018-47A2-B11C-12C6A81A3E32.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5D2932B0-B6DC-4471-B4C5-4C9DA5CDC58A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS62611491-13EA-43B8-8BA4-BF993DA8CF50.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6549A946-1692-4FD5-9CCA-5366323BDF76.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS65932AE5-C7E5-4614-B1C8-197C0989A4F9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS65AE824F-75F8-40AB-990F-0E55960A0710.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67DA0CEA-C6E6-4418-B4C5-07C5622C91FE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6CCE60A2-64C9-49E9-BDE5-30A486592EAB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS72D0AAB1-F299-46A5-AF37-06212DA5661B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS769A47FA-0678-4583-BC39-383410880024.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS76BF45DB-E7D0-437D-A14A-448F79A1B299.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7A8ED7F6-1F82-4454-B436-D6AA6A4F35CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7DEF51B6-06A7-4C49-922E-4E4ECBD694A6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS801D8B49-0912-4043-9A43-615B9690DA7B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS83AEAC8F-60A9-488A-8A04-84FAA1028225.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS85C1ABA2-8BB4-42E4-874F-B4EC83C95C72.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS86C61CC6-06FB-4288-BA5D-26BD39A4646C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS878D00AA-0768-4C90-994D-504AB4853DA6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8A995670-77CC-430A-A3C9-D4C8CD491E97.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8AA71A47-46F4-48CE-A8F6-8E9D1A66C1D6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8ADEAA39-322E-4CF9-B3A7-FD5947CC4583.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8BB867A2-3001-462E-AD58-3BE9DECC6572.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS902CAE8F-08A6-442A-9F9B-B04FA2CAE372.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS914D3019-FCCF-42AD-92E4-E072D860005D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS94052C63-3E9E-4E5A-A41A-6E87D9619531.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS94FAC062-74B7-4BD4-B072-87C06173D580.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS97746A0A-4D40-4F2C-8FC6-4A3E52CCD798.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA21FD9E9-99AE-4DE7-A34A-FCBD8A833005.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA783D97D-8EA6-4345-8A37-B9CA85C5316D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA7915872-FAEB-4682-A5C3-F6944B6DF799.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAAC46FB2-7308-4814-8C25-16F811425891.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAB9D912D-866E-4B85-8D23-4F53071CA068.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSADFD8EBE-A692-49B1-A2BC-7BB855505036.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAEECC925-5039-4EC5-8747-4F1F8A778825.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB1C7BA67-AFEC-4D91-B855-EC21F3591EEC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB2081014-72D5-4657-869C-28D6D3EA4DA8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB6AB02A0-D671-47D1-9405-828A7A8B0074.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC63F3C0-2AC7-4B48-AFCC-0211E5388886.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBD0C942E-1AD3-4ED8-8626-5D9AF014CCBE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBEFB7B40-6919-4712-BCCD-1E415BC1733D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC553F83A-0FCE-4B41-ACA5-17A0657FA5E1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC69AE979-73FC-4118-AF1F-7E009F1C6857.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC778DC6C-9367-4574-9FE6-01A63D2D7A6F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC85FF62A-B2B5-457C-A514-98ECCC359C9A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCAE278D-EEE3-40E2-92AA-49032E797B8F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCF2B684B-76BB-4CEF-8109-7815E03FD4C0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCFB7C727-B387-4893-99C2-634BBB7DBF9F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD39B409D-E556-48AC-B591-37FA00731D0A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD65377B5-4AC6-485E-8578-72DA13874602.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD72D44DB-BF68-4ECD-BE10-D47C305BF1B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD7B99BFA-E150-468F-927B-ED443278D657.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD80CCCC8-5FF5-4D90-8DF1-F567DF48216E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD8FA0017-9348-4800-9A02-C0C2EE9384D0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD997937A-C49F-425B-A1DF-A8A9F9CB04DC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC5CACE8-E352-400A-A4AC-63EBEA57E5C3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDEC124C4-F759-4B96-AE3D-4C25ECC1CAA6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE15E48F5-333C-4218-B1CC-D5F26AF5C84F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE250EDE7-41F8-4996-BDBD-81E9A4F4126B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE94FF356-C678-4068-B5AB-FA9397DFEB3A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSECF967A8-6631-471F-B95B-DAA1CDD1A0FE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF100C8EA-7797-49CF-B44C-9AF648080BAF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF21D2BC1-677A-4BC6-8073-3B8CD65F63C4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFADB72A8-F041-413D-BDC8-1C07BC6A0455.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFF3058AF-BBB5-43B8-BC68-CA953A63E96B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Forms\EXCEL.box Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook~3.srs Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\080320090313.ses Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Xdrive\Xdrive Desktop\CompleteLog.txt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Xdrive\Xdrive Desktop\Tray.txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\AccessMediaSetup.exe Infected: Trojan-Downloader.Win32.Delf.fwe skipped
C:\Documents and Settings\Owner\Desktop\Audible_Nero_English.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\Owner\Desktop\Audible_Nero_English.exe 7-Zip: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2em.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2emh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2dm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2dmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive2.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\backup.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008032020080321\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\INMEM000.REM Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\VBAC.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\VBAD.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4269.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4AD4.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4AE4.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF6085.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFC00.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Audible\Logs\EXCEL_AudibleShellExt.log Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Audible\Logs\OUTLOOK_AudibleShellExt.log Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\PDOXUSRS.NET Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\cmdb.ldb Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\cmdb.mdb Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\mailboxes\harrisc1\11C31100-C0E2-430D-AB53-841597550169.msg/[From aw-confirm@ebay.com][Date Mon, 01 Aug 2005 20:48:23 +0000]/html Infected: Trojan-Spy.HTML.Bayfraud.hh skipped
C:\Program Files\DigiPortal Software\ChoiceMail\mailboxes\harrisc1\11C31100-C0E2-430D-AB53-841597550169.msg Mail: infected - 1 skipped
C:\Program Files\Research Insight\DICTNRY\csdesc.db Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\csdesc.PX Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.DB Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.MB Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.PX Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.X02 Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\csDICT.X03 Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.X07 Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.Y02 Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\csDICT.Y03 Object is locked skipped
C:\Program Files\Research Insight\DICTNRY\CSDICT.Y07 Object is locked skipped
C:\Program Files\Research Insight\Excel\SPRI80.XLA Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5pdata.DB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5pdata.MB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5pdata.PX Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5pdict.DB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5pdict.MB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5pdict.PX Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5udata.DB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5udata.MB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5udata.PX Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5udict.DB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5udict.MB Object is locked skipped
C:\Program Files\Research Insight\UserData\cs5udict.PX Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP438\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1CFC76AD-0B56-4086-86C1-1FDF1BA4180A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CompleteLog.txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\Service.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET3FB3.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_470.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

harrisc1 · 2008/03/20

Here is the rest. Looks like I still may have some issues.

E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040967.exe/data0004/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040967.exe/data0004/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040967.exe/data0004 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040967.exe Inno: infected - 3 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040968.exe/WISE0136.BIN/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040968.exe/WISE0136.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040968.exe/WISE0136.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040968.exe WiseSFX: infected - 3 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040968.exe WiseSFXDropper: infected - 3 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.CommonName.p skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe/WISE0037.BIN/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ak skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe/WISE0037.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe/WISE0037.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe/WISE0038.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe WiseSFX: infected - 5 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040969.exe WiseSFXDropper: infected - 5 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040971.exe/DNETC.EXE Infected: not-a-virus:NetTool.Win32.Calc-DNet.c skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040971.exe ZIP: infected - 1 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0007 Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe/data0008 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040972.exe Inno: infected - 11 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040973.exe/RC5DES.EXE Infected: not-a-virus:NetTool.Win32.Calc-DNet.f skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040973.exe ZIP: infected - 1 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040974.exe/RC5DESG.EXE Infected: not-a-virus:NetTool.Win32.Calc-DNet.j skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040974.exe ZIP: infected - 1 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040975.exe/DNETC.EXE Infected: not-a-virus:NetTool.Win32.Calc-DNet.c skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040975.exe ZIP: infected - 1 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040979.exe Inno: infected - 22 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0008/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0008 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0012 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0018/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0018 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0019/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0019 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0022/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0023/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0026/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0027/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0027 Infected: Trojan.Win32.Krepper.y skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0029/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0029/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe/data0029 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP437\A0040980.exe Inno: infected - 22 skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP438\change.log Object is locked skipped
E:\My Received Files\Download\vnc-3.3.3r7_x86_win32\vnc_x86_win32\vncviewer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped
E:\Research Insight Databases\North America\Area2\database\CSDPdata.DB Object is locked skipped
E:\Research Insight Databases\North America\Area2\database\CSDPdata.MB Object is locked skipped
E:\Research Insight Databases\North America\Area2\database\CSDPdata.PX Object is locked skipped
E:\Research Insight Databases\North America\Area2\database\CSDPdict.DB Object is locked skipped
E:\Research Insight Databases\North America\Area2\database\CSDPdict.MB Object is locked skipped
E:\Research Insight Databases\North America\Area2\database\CSDPdict.PX Object is locked skipped
E:\Research Insight Databases\North America\Area2\extended\CSDEDATA.DB Object is locked skipped
E:\Research Insight Databases\North America\Area2\extended\CSDEDATA.MB Object is locked skipped
E:\Research Insight Databases\North America\Area2\extended\CSDEDATA.PX Object is locked skipped
E:\Research Insight Databases\North America\Area2\extended\CSDEDICT.DB Object is locked skipped
E:\Research Insight Databases\North America\Area2\extended\CSDEDICT.MB Object is locked skipped
E:\Research Insight Databases\North America\Area2\extended\CSDEDICT.PX Object is locked skipped

Scan process completed.

Geri · 2008/03/20

Hi harrisc1

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, the Advanced Options Menu should appear;

Select the first option, to run Windows in Safe Mode, then press Enter.

Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.

It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

Press any Key and it will restart the PC.

When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).

Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks
Geri

harrisc1 · 2008/03/21

SDFix: Version 1.159

Run by Administrator on Fri 03/21/2008 at 09:00 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 09:03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe "
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe "
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe "
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe "= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe "
"C:\\Program Files\\CRS\\Battleground Europe\\WW2_sse2.exe "= "C:\\Program Files\\CRS\\Battleground Europe\\WW2_sse2.exe:*:Enabled:WW2 "
"C:\\Program Files\\DigiPortal Software\\ChoiceMail\\ChoiceMail.exe "= "C:\\Program Files\\DigiPortal Software\\ChoiceMail\\ChoiceMail.exe:*:Enabled:ChoiceMail "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"E:\\StubInstaller.exe "= "E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer "
"C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
"C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe "= "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe "
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe "= "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe "
"C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 1 Mar 2001 108,000 A..HR --- "C:\Program Files\MSNStockQuote\MSNStockQuote.dll "
Fri 23 Mar 2001 223,416 A..HR --- "C:\Program Files\MSNStockQuote\MSNStockQuoteUI.dll "
Mon 30 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
Tue 27 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp "
Fri 8 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp "
Sun 2 Apr 2006 312 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak "
Tue 4 Sep 2007 58,880 ...H. --- "C:\Documents and Settings\Owner\My Documents\Singular Research\Director's Letters\~WRL3342.tmp "
Wed 26 Sep 2007 321,536 ...H. --- "C:\Documents and Settings\Owner\My Documents\Singular Research\Coverage\AMSWA\~WRL0190.tmp "
Wed 28 Mar 2007 24,064 A..H. --- "C:\Documents and Settings\Owner\My Documents\Singular Research\Coverage\MLR\~WRL3986.tmp "
Mon 6 Aug 2007 74,240 ...H. --- "C:\Documents and Settings\Owner\My Documents\Singular Research\Marketing\Conference Calls\~WRL3023.tmp "

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:43 AM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\DigiPortal Software\ChoiceMail\CMServer.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\TPPALDR.EXE
C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\xdrive\xdrive desktop\XdriveTray.exe
C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://pro.edgar-online.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF4 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe "
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1186409290\ee\AOLSoftware.exe "
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe "
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ChoiceMail] "C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe "
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\3.8.1.1\PlaxoHelper_en.exe" -a
O4 - HKCU\..\Run: [XdriveTrayIcon] "C:\Program Files\xdrive\xdrive desktop\XdriveTray.exe "
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe "
O4 - HKCU\..\Run: [XdriveTray] "C:\Program Files\xdrive\xdrive desktop\xdrive.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.0 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://singularresearch.webex.com/client/T26L/training/ieatgpc.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Choice Mail (svcChoiceMail) - DigiPortal Software, Inc. - C:\Program Files\DigiPortal Software\ChoiceMail\\CMServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8963 bytes

Geri · 2008/03/21

Hi harrisc1

Please do the following, and answer my question.

Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these files (if present):

C:\Documents and Settings\Owner\Desktop\AccessMediaSetup.exe
C:\Documents and Settings\Owner\Desktop\Audible_Nero_English.exe <<Do you use this? If not delete it.

Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these folders (if present):

E:\My Received Files\Download\vnc-3.3.3r7_x86_win32\vnc_x86_win32\vncviewer <<Do you use VNCViewer? If not delete it. (Check Add/Remove programs for it before deleting the folder.)

The others are in system restore, but on your E drive along with VNCViewer. What is your E Drive?

Delete this from your ChoiceMail mailboxes, it was from aw-confirm at ebay.com way back in 01 Aug 2005
C:\Program Files\DigiPortal Software\ChoiceMail\mailboxes\harrisc1\11C31100-C0E2-430D-AB53-841597550169.msg

Thanks
Geri

harrisc1 · 2008/03/22

Done. E Drive is external hard drive, I use as backup and for songs, videos, pictures, etc.

Geri · 2008/03/22

Hi harrisc1

OK, The system restore needs to be cleaned on it, if you ever try to revert back with it it will reinfect the drive.

You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
Turning off System Restore will clear out all previous restore points.

To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click on My Computer and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives. "
5. Click Apply, and then click OK
6. Make a new restore point.
7. Click Start, All Programs, Accessories, System Tools, System Restore.
Choose Create a restore point and clicked Next, Under "Type a description for your restore pointâ€¦â€put a name in the box,. Click Create. In the next window click Close.

After doing this please post a new Kaspersky scan.

Thanks
Geri

harrisc1 · 2008/04/02

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 02, 2008 2:58:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/04/2008
Kaspersky Anti-Virus database records: 678409
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 141356
Number of viruses found: 3
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:13:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS00190644-1749-4FE1-B049-CD2CA99FD546.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS051BF044-3AED-4BFC-B5EC-8C495299469C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS06519539-69EC-4C30-8333-34E55E383D11.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0C3793C6-5CA7-4E83-A26F-3A9FB2423281.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0E456710-2F65-4DC1-B0C6-4CCFEDDCD195.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0F8C313B-8E36-4779-8DDD-33125DDF95F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1345D628-9FEF-4386-B29C-10DA023B8A87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS20874766-7DA6-495A-A9CF-536835DA2CA8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS28B53A36-82F9-4C14-A881-3A7BA5B60881.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS28F22578-9B42-4882-A61F-59D6E9DA2347.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS29797627-ED2C-4CE0-A807-2B7476236D51.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2D63AD07-1F05-456F-926D-BD6776C8664F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS321D294F-FDB0-49CA-89C2-0419E8AD439D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS33B9A189-9270-4326-96E8-125FFD843FE3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS342897D0-D2F9-4313-AB40-AE1448B5365B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3EF2B7BD-5CB4-4E28-91AF-ECBFB5073D21.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40B805B1-3F16-4083-8645-A1DBA1431B5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS41AA8A72-4246-4CCA-A394-5A9516E087DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS42759011-F283-4334-BE1C-A60413DBFDA0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4658EDC1-63F7-4B1B-8661-D63460BF3C3A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46B0E9AB-EF53-4B50-8816-CD707A95CC43.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4E6E3384-2508-48E1-A559-9B0A1FFFAAC4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4EAA4BA6-DE57-4669-B084-C9ADC6A6F720.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4F2977B5-1C0E-4BCF-BEAE-13ED37A4BFDE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS532A8BF0-5140-400E-BBDD-E727E7CAE943.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS57112E3B-D1D2-4AAD-9ADB-BA7C333FBC28.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS579146C7-0D1C-4956-8287-EA6B1102FD5E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS58229451-7042-40ED-BEDD-948E9174F717.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5DCD0166-507B-40C5-BF64-02762EAA8E4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6457A235-0D5B-4C0A-BEFA-F5FA48AADCBB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS68DC2122-43FE-4372-A67C-F3A2FEC6DF95.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6BBE948D-BF18-45AD-8FA1-0F87EA64B8C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6C4F85DC-A605-41F9-8ADA-2BD891E7E157.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DF1F33B-F69F-4370-9539-CACA9E36D4E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6ED8B078-9860-4F1A-AA85-65F8F2A93169.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS71E4344C-3AA8-4919-A600-41089F9EF48D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS73999BD6-AEA6-499B-9BB2-B1D77ADAA6D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS73DE206C-96E6-4562-955D-079CF9360718.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7CCBCAE1-4A02-4999-BC03-B9E830EC6133.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7D2F9261-424F-41DB-952B-7AB3A28925A8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7F4F3FBE-24C7-495D-B045-95F8119CA23F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS807D61D7-AB06-406F-A4C2-8D5DED680D6B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS86523D17-AB80-4214-8C0D-B5EAE3860CC0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8805DF65-2D64-49D0-9A41-0F6052318FFB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8B6FCEF7-41AD-45BF-8D9B-3B9A46FA7117.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS910EC250-0734-40F6-B2CD-0F1AC7BC6E89.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9483C036-BEC4-4BB5-9D87-13248C3EA1DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS94ABDBB8-4E1F-4B9C-AB5A-A2A87D173F28.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS95A07A59-F702-4177-981F-4B27962068B5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS976805E7-1482-4713-9A72-214F947C24D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9D355BEE-B8B9-4BF4-9D7A-82F70E09C5A7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA00B4BEF-0DED-4E4E-A6FD-413374E4EE87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA11B4908-1770-4390-B7B4-606C9C3CE8D4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA155C805-3354-4AF2-91B6-E6E9F330B4A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3AB4844-DFC5-4594-9F74-B68719F0B8D0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA963437B-86AD-436B-AD05-FEDED6030D4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAB6B403A-F441-4730-9BCF-EE9CB6847977.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAE4098BE-E373-49AE-9E16-62AA9C2AED90.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAF6D839F-E0A6-4367-AE12-678FFB563149.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB314CB27-5CE1-4CB8-BB50-E1003086857A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB65388D3-BB0B-4BE8-8063-5B608BC6EDF6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB9B48E24-FD36-4745-A4D5-EF8F28B572E1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBB122AF5-6385-4F61-8872-601CDDCA4561.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBF17665B-C7FC-4169-8647-0CA2172CD07C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFD53ADC-A48E-43CA-B2BD-B61094BB4ECF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC006F619-4FD9-4394-A2C6-DCECF9C0AC94.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC12C32CB-3DC9-4A16-A6F0-42CE350C0B52.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC17D5DC5-6CE8-4190-A49B-882894BD0AAF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3870CBB-4EF2-4B8D-8E3E-926FB420D7F2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3CCC4D0-A8F8-49FB-8188-5B7669809275.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC42E64D7-D005-4D87-B487-C31D673FD0D5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC487908B-7097-4F9E-81CA-F91C41881428.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCF4982AD-6DCA-4D10-B69D-F930C44B9E13.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD34E8D7C-E27B-476D-A097-B77F951153EE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD42FAA35-9515-425F-B1DD-F23C9244DB81.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD596592C-182D-493C-B749-9EC150AB5726.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD82B73F7-ED56-4F47-B04F-F1577E86C3B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD8A3984E-37BC-45C3-9AE1-F653453C8DF7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDE6A0340-4164-4BF0-8E9D-A4D40EE7F903.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE5157D24-5451-4225-89CC-5FBEDE127092.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE574BAF2-A002-4B6A-A726-5A2B0EE4FFE6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE7A1D14C-0BD3-4F91-81C6-7E714C5B6DE9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE7ACD324-0C29-4CD7-B56E-724B38B7B95D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF3FFA26C-810B-48B6-B3F6-220DA87353A3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF705A6B1-BC1D-42D7-ABFE-F94999520850.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF93ABD04-E0FE-42E0-A920-935A9FF5BB0E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFDE6C1A5-6FD4-4763-98C3-70E2D5AF3A1C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFF13AA7B-8A0F-40B7-97D2-F605BACC61E5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFFEAFE91-0CAB-49CF-A690-1B8AA7028E3B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook~3.srs Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\080402124533.ses Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Xdrive\Xdrive Desktop\CompleteLog.txt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Xdrive\Xdrive Desktop\Tray.txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2em.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2emh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2dm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2dmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive2.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\backup.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\CAF49862d01 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008040220080403\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5DA6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\JSQJF33O\k[2] Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\cmdb.ldb Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\cmdb.mdb Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\RECYCLER\S-1-5-21-1060284298-1637723038-725345543-1003\Dc1.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\RECYCLER\S-1-5-21-1060284298-1637723038-725345543-1003\Dc1.exe 7-Zip: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1060284298-1637723038-725345543-1003\Dc3.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-1060284298-1637723038-725345543-1003\Dc4.msg/[From aw-confirm@ebay.com][Date Mon, 01 Aug 2005 20:48:23 +0000]/html Infected: Trojan-Spy.HTML.Bayfraud.hh skipped
C:\RECYCLER\S-1-5-21-1060284298-1637723038-725345543-1003\Dc4.msg Mail: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET141A.tmp Object is locked skipped
C:\WINDOWS\Temp\JETB035.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_46c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\RECYCLED\De1.3r7_x86_win32\vnc_x86_win32\vncviewer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped

Scan process completed.

Thanks for your help.

Geri · 2008/04/02

Hi harrisc1

I'd like a couple files scanned. Please do this.

Jotti File Submission:

Please go to Jotti's malware scan

Copy and paste the following file path into the "File to upload & scan "box on the top of the page: one at a time

C:\WINDOWS\Temp\JET141A.tmp

C:\WINDOWS\Temp\JETB035.tmp

Click on the submit button

Please post the results in your next reply.

Thanks
Geri

harrisc1 · 2008/04/03

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

For both. Shows 0 kb on Windows Explorer too. Should I just delete them?

Geri · 2008/04/03

Hi harrisc1

Should I just delete them?
Click to expand...

No that's OK

Now do this please.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
Recycle bin

The rest are optional - if you want it to remove everything check "Select All ".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

Now Run Kaspersky again and post the new log.

Thanks
Geri

harrisc1 · 2008/04/04

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, April 04, 2008 2:04:03 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/04/2008
Kaspersky Anti-Virus database records: 678409
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 140338
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:17:23

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS00190644-1749-4FE1-B049-CD2CA99FD546.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS051BF044-3AED-4BFC-B5EC-8C495299469C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS06519539-69EC-4C30-8333-34E55E383D11.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0C3793C6-5CA7-4E83-A26F-3A9FB2423281.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0E456710-2F65-4DC1-B0C6-4CCFEDDCD195.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0F8C313B-8E36-4779-8DDD-33125DDF95F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1345D628-9FEF-4386-B29C-10DA023B8A87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS20874766-7DA6-495A-A9CF-536835DA2CA8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS28B53A36-82F9-4C14-A881-3A7BA5B60881.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS28F22578-9B42-4882-A61F-59D6E9DA2347.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS29797627-ED2C-4CE0-A807-2B7476236D51.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2D63AD07-1F05-456F-926D-BD6776C8664F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS321D294F-FDB0-49CA-89C2-0419E8AD439D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS33B9A189-9270-4326-96E8-125FFD843FE3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS342897D0-D2F9-4313-AB40-AE1448B5365B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3EF2B7BD-5CB4-4E28-91AF-ECBFB5073D21.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40B805B1-3F16-4083-8645-A1DBA1431B5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS41AA8A72-4246-4CCA-A394-5A9516E087DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS42759011-F283-4334-BE1C-A60413DBFDA0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4658EDC1-63F7-4B1B-8661-D63460BF3C3A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46B0E9AB-EF53-4B50-8816-CD707A95CC43.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4E6E3384-2508-48E1-A559-9B0A1FFFAAC4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4EAA4BA6-DE57-4669-B084-C9ADC6A6F720.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4F2977B5-1C0E-4BCF-BEAE-13ED37A4BFDE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS532A8BF0-5140-400E-BBDD-E727E7CAE943.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS57112E3B-D1D2-4AAD-9ADB-BA7C333FBC28.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS579146C7-0D1C-4956-8287-EA6B1102FD5E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS58229451-7042-40ED-BEDD-948E9174F717.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5DCD0166-507B-40C5-BF64-02762EAA8E4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6457A235-0D5B-4C0A-BEFA-F5FA48AADCBB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS68DC2122-43FE-4372-A67C-F3A2FEC6DF95.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6BBE948D-BF18-45AD-8FA1-0F87EA64B8C7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6C4F85DC-A605-41F9-8ADA-2BD891E7E157.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DF1F33B-F69F-4370-9539-CACA9E36D4E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6ED8B078-9860-4F1A-AA85-65F8F2A93169.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS71E4344C-3AA8-4919-A600-41089F9EF48D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS73999BD6-AEA6-499B-9BB2-B1D77ADAA6D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS73DE206C-96E6-4562-955D-079CF9360718.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7CCBCAE1-4A02-4999-BC03-B9E830EC6133.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7D2F9261-424F-41DB-952B-7AB3A28925A8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7F4F3FBE-24C7-495D-B045-95F8119CA23F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS807D61D7-AB06-406F-A4C2-8D5DED680D6B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS86523D17-AB80-4214-8C0D-B5EAE3860CC0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8805DF65-2D64-49D0-9A41-0F6052318FFB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8B6FCEF7-41AD-45BF-8D9B-3B9A46FA7117.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS910EC250-0734-40F6-B2CD-0F1AC7BC6E89.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9483C036-BEC4-4BB5-9D87-13248C3EA1DB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS94ABDBB8-4E1F-4B9C-AB5A-A2A87D173F28.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS95A07A59-F702-4177-981F-4B27962068B5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS976805E7-1482-4713-9A72-214F947C24D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9D355BEE-B8B9-4BF4-9D7A-82F70E09C5A7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA00B4BEF-0DED-4E4E-A6FD-413374E4EE87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA11B4908-1770-4390-B7B4-606C9C3CE8D4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA155C805-3354-4AF2-91B6-E6E9F330B4A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA3AB4844-DFC5-4594-9F74-B68719F0B8D0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA963437B-86AD-436B-AD05-FEDED6030D4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAB6B403A-F441-4730-9BCF-EE9CB6847977.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAE4098BE-E373-49AE-9E16-62AA9C2AED90.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAF6D839F-E0A6-4367-AE12-678FFB563149.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB314CB27-5CE1-4CB8-BB50-E1003086857A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB65388D3-BB0B-4BE8-8063-5B608BC6EDF6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB9B48E24-FD36-4745-A4D5-EF8F28B572E1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBB122AF5-6385-4F61-8872-601CDDCA4561.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBF17665B-C7FC-4169-8647-0CA2172CD07C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFD53ADC-A48E-43CA-B2BD-B61094BB4ECF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC006F619-4FD9-4394-A2C6-DCECF9C0AC94.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC12C32CB-3DC9-4A16-A6F0-42CE350C0B52.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC17D5DC5-6CE8-4190-A49B-882894BD0AAF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3870CBB-4EF2-4B8D-8E3E-926FB420D7F2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3CCC4D0-A8F8-49FB-8188-5B7669809275.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC42E64D7-D005-4D87-B487-C31D673FD0D5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC487908B-7097-4F9E-81CA-F91C41881428.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCF4982AD-6DCA-4D10-B69D-F930C44B9E13.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD34E8D7C-E27B-476D-A097-B77F951153EE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD42FAA35-9515-425F-B1DD-F23C9244DB81.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD596592C-182D-493C-B749-9EC150AB5726.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD82B73F7-ED56-4F47-B04F-F1577E86C3B3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD8A3984E-37BC-45C3-9AE1-F653453C8DF7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDE6A0340-4164-4BF0-8E9D-A4D40EE7F903.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE5157D24-5451-4225-89CC-5FBEDE127092.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE574BAF2-A002-4B6A-A726-5A2B0EE4FFE6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE7A1D14C-0BD3-4F91-81C6-7E714C5B6DE9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE7ACD324-0C29-4CD7-B56E-724B38B7B95D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF3FFA26C-810B-48B6-B3F6-220DA87353A3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF705A6B1-BC1D-42D7-ABFE-F94999520850.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF93ABD04-E0FE-42E0-A920-935A9FF5BB0E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFDE6C1A5-6FD4-4763-98C3-70E2D5AF3A1C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFF13AA7B-8A0F-40B7-97D2-F605BACC61E5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFFEAFE91-0CAB-49CF-A690-1B8AA7028E3B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook~3.srs Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\080402124533.ses Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Xdrive\Xdrive Desktop\CompleteLog.txt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Xdrive\Xdrive Desktop\Tray.txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2em.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbc2emh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2dm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbu2dmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fim1i.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\fim1ih.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\FORMS\IPM.Note.PlaxoBirthday\FS3D0.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive2.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\backup.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8afkn1m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008040420080405\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Acr5258.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5DA6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFE3AA.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Audible\Logs\OUTLOOK_AudibleShellExt.log Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\cmdb.ldb Object is locked skipped
C:\Program Files\DigiPortal Software\ChoiceMail\cmdb.mdb Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP3\A0000044.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP3\A0000044.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP3\A0000046.exe Object is locked skipped
C:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET141A.tmp Object is locked skipped
C:\WINDOWS\Temp\JETB035.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_46c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP3\change.log Object is locked skipped
E:\System Volume Information\_restore{3137EAA4-CD27-4C82-9D99-EB70F6A39048}\RP3\A0000049.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 skipped

Scan process completed.

Geri · 2008/04/04

Hi
Your system restore is infected again.

It seems you have MyWebSearch Toolber in your 7 -Zip program.
This needs to be deleted.

First check for MyWebSearch Toolber or RP3 in your add/remove programs list, if either of them are there remove them.

Now Right click on your 7 Zip program and click on explore.
Right click on these files and delete them.
RP3
MyWebSearch Toolber
A0000044.exe
A0000046.exe

Run ATF Cleaner again

Now lets clean your system restore again.

To turn off Windows XP System Restore:
NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:
1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives. "
5. Click Apply, and then click OK
6. Make a new restore point.
7. Click Start, All Programs, Accessories, System Tools, System Restore.
Choose Create a restore point and clicked Next, Under “Type a description for your restore point…”put a name in the box,. Click Create. In the next window click Close.

Now lets get another Kaspersky scan.

Thanks
Geri

harrisc1 · 2008/04/05

Can't find either MyWebSearch Toolber or RP3. Did you mean Real Player or Rhapsody Player by chance?

I can't find 7 Zip either. Ideas?

Geri · 2008/04/05

Hi

Did you mean Real Player or Rhapsody Player by chance?
Click to expand...

No.

Lets see a uninstall list.

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools

Click "Open Uninstall Manager "

Click "Save List" (generates uninstall_list.txt)

Click Save, copy and paste the results in your next post.

Thanks
Geri

harrisc1 · 2008/04/06

Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
AudibleManager
AVG 7.5
Battleground Europe Game Monitor v0.9.1
Battleground Europe: WWIIOL
BE: WWIIOL TEST
ChoiceMail 4.5
Compatibility Pack for the 2007 Office system
Creative Audio Console
DivX Content Uploader
DivX Web Player
Garmin WebUpdater
Genie Backup Manager V4.0
Google Desktop
GoToMyPC
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LimeWire 4.16.6
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft MSN MoneyCentral Stock Quotes Add-In for Excel
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2005
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.13)
MSN Money Investment Toolbox
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero
neroxml
NVIDIA Drivers
PhatNoise Media Manager
Plaxo Toolbar for Windows
PlayGATE Setup
Quicken 2007
QuickTime
RealPlayer
Research Insight
Rhapsody Player Engine
Safari
ScanSoft PDF Professional 4
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Spelling Dictionaries Support For Adobe Reader 8
Spy Sweeper
TeamSpeak 2 RC2
TPP Storage Driver Installation
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
VCRedistSetup
VideoLAN VLC media player 0.8.6b
WebEx
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.1
YouSendIt Plug-in for Outlook
YouSendIt Plug-in for Outlook

Log in or Sign up

Solved System Error! Your computer is infected by unknown trojan.

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Share This Page

Log in or Sign up

Solved System Error! Your computer is infected by unknown trojan.

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Geri Inactive Alumni

harrisc1 Inactive Thread Starter

Share This Page

Useful Searches